162 - Edge Vulns, a SHA-3 Overflow, and an io_uring Exploit
A few issues this week, including an overflow in SHA-3, yet another io_uring bug, and multiple (questionably exploitable) corruptions in Edge.
Posts tagged 'Podcast'
161 - XMPP Stanza Smuggling in Jabber and a Cobalt Strike RCE
Several fun issues this week, from a Cobalt Strike RCE, a couple auth bypasses, and stanza smuggling in Jabber.
160 - Some Browser Exploitation and a Format String Bug?
We've got a few interesting vulns, a blind format string attack, Windows kernel int overflow, and a browser exploit (unchecked bounds after lowering).
159 - GitHub to GitLab RCE and a new PHP Supply Chain Attack
This week we look at a insecure deserialization (GitLab), argument injection (Packagist), and insecure string interpolation (Apache Commons Text)
158 - i.MX Secure Boot Bypass and a Hancom Office Underflow
Just a couple issues this week and a discussion about why you should look at old vulnerabilities and the pace exploit development advanced at.
157 - Got UNIX Sockets and Some Filter Bypasses?
No actual bounties this week, but we start off with a discussion on semgrep vs codeql, then get into some cool issues that you can start testing for.
156 - Pwning Scoreboards, uClibC, and PS5 Exploitation
Starting off with some discussion about XOM and CFI on the PS5 and how it impacts exploitation. Then into a uClibC issue, and hacking wireless scoreboards.
155 - Akamai Cache Poisoning and a Chrome Universal XSS
Had some varied issues this week, a file format allowing JScript for a $20,000 bounty, Akamai Cache Poisoning, Universal XSS in Chrome.
154 - SoCs with Holes, Crow HTTP Bugs, and Bypassing Intel CET
Starting off with meme vulnerabilities in UNISOC BootROMs, and ending with a discussion about bypassing CFI/Intel CET and some fun issues in-between.
153 - Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses
Discussion this week around Chrome's Sanitizer API, and bypassing firewalls with webhooks and 0days (ModSecurity bypass), and a pre-auth BitBucket RCE.